Automatic emails not received from @kraken.com and @teamviewer.com

Hi all,
i hope you are well and safe.

i signed up on kraken.com and teamviwer.com.
when support wrote emails to me, i can receive their emails. but i do not receive any automatic emails like :

• when i should receive 2FA email code (kraken),
• or when i should receive email to confirm device is a trusted device (teamviewer).

i had a look at /var/log/mail.log, nothing found (like no email arrived)
all is ok in MIAB Status Check, all is Ok to at Domain Health Check - Online Domain Tools - Blacklist, Email, Website, DNS - MxToolBox <mydomain.tld>

does someone faced same kind of troubles ? do you succeed to fix this issue ?

currently i’m not able to use those 2 solutions (kraken.com or teamviewer.com)

many thanks in advance by your help
François

If there is no record, at all, of an attempted email from their servers, then there is something wrong on their end.

You might try setting an account up using a freemail account so you can inspect the email headers and see if something there can help you.

If you have trouble knowing where in the logs the email should be, you could try the following, as these are the only things that I can think of that would block an email:

$ grep username@example /var/log/mail.log | grep schweikert

This will pull up a lot of emails, but see if any of them look like the from address might be the email you are looking for, then grep for that email address or even just the domain used to see if they ever attempted a retry.

If that doesn’t pull anything up, you can check if they are currently blacklisted, as happens even for big companies:

$ grep username@example /var/log/mail.log | grep spamhaus

If that doesn’t work, then something else is wrong, and likely it’s somehow on their end, so you may need to elevate a ticket to get to someone that review the logs they generate. Possibly there is something they don’t like, as certainly Teamviewer is dealing with hordes of scheisters so may have additional protections in place, even on registered accounts.

Note their support emails are likely sent from some completely different server.

Hi Openletter,

many thanks for your feedback.

Nothing blocked seen with “grep spamhaus” command
but lots of email blocked detected with “grep scheikert” command.

Jun 30 09:50:54 box postfix/smtpd[9479]: NOQUEUE: reject: RCPT from mta.marketing.kraken.com[13.111.172.185]: 450 4.2.0 xxxxx@domain.tld: Recipient address rejected: Greylisted, see Postgrey Help<domain.tld>.html; from=bounce-227_HTML-109214141-133116-514004678-12340@bounce.marketing.kraken.com to=email@domain.tld proto=ESMTP helo=<mta.marketing.kraken.com>

Jul 6 10:05:45 box postfix/smtpd[32124]: NOQUEUE: reject: RCPT from o26.logmeininc.com[149.72.66.116]: 450 4.2.0 email@domain.tld: Recipient address rejected: Greylisted, see Postgrey Help from=bounces+2129455-708f-email=domain.tld@msg.gotowebinar.com to=email@domain.tld proto=ESMTP helo=<o26.logmeininc.com>

I do not understand remark : “Recipient address rejected”
I have 1 regular email address and all aliases are catched to it (catch-all in place)
I can well receive emails to needed aliases when i test them through my gmail address.

What can i do to receive in my mailbox those emails ? even if it is in spam folder

Best regards
François

I created a new account on kraken.com with gmail address to test.
I well receive automatic emails from Kraken to this gmail address.

With “gmail” address, i receive emails that contain autorization code"
whith “mailinabox” address : same email is not received (neither mailbox, nor spam)

sender is : noreply@kraken.com

Best regards
François

i’m able to see all logs issues in /var/log/mail.log

about Teamviewer : more mail.log |grep teamviewer

i have lots of logs “reject”

Jul 9 12:12:33 box postfix/smtpd[2768]: NOQUEUE: reject: RCPT from de-smtp-delivery-102.mimecast.com[194.104.111.102]: 450 4.1.8 noreply-accounting@teamviewer.com: Sender address rejected: Domain not found; from=<noreply-accounting@te
amviewer.com> to=email@domain.tld proto=ESMTP helo=<de-smtp-delivery-102.mimecast.com>

as i do not receive email, i’m not able to click on link inside and to be able to add my device as trusted on Teamviewer.

how can i fix this issue with “mailinabox” please ?

(same process with gmail address works well)

best regards
François

Hi François

The first situation with @kraken.com is easily understood.

MiaB uses greylisting as a spam control method. With greylisting every new sending domains initial email is ‘bounced’ with an error message that when received properly configured sending email servers will simply reque and resend the email. Apparently @kraken.com's email server is not configured to retry sending these emails.

You should be able to add the sending mailserver to the postgrey white list. Details may be found elsewhere on the forum.

The second issue with @teamviewer.com is more obscure though … indications are that it is an issue with your boxes DNS.

How were these email attempts each sent? Did you make one request and receive the two, or did you make two requests and receive one after each request?

Simple !

for Kraken
when i log on their website, they send email with an authentification code inside.

for Teamviewer
when i log on their website, they send an email with an URL to confirm Browser/device is trusted

as i’m not able to see their email neither in mailbox neither spam folder, for both of them i cannot use those platforms with my mailbox managed on MIAB.

This isn’t answering my question:

Depending on how you answer, it may require different solutions.

Not sure to get you openletter

For each provider (kraken or teamviewer) an email from them is sent to me.
For kraken, when i log on their website, i should receive an email which has a “2FA” code (i do not receive)
For teamviewer, that is the almost the same (link url instead of a 2FA code)

For both of them, with emails managed on MIAB, i’m not able to receive any email (mailbox or spam) while it works well with gmail address.

From your logs you posted two email attempts. Does each of these attempts correlate with a separate log in attempt? In other words, was there a total of two log in attempts, with each attempt generating one email?

If they are sending only one email for each log in attempt, it means their servers are not properly following the published standards on email.

If you are using aliases, and there is a unique alias for each service provider, you might do better by running grep username@example /var/log/mail.log where username is the unique alias for Kraken and seeing if there is any rejected email attempt after rejected message.

If there isn’t, then we can work through a solution at least for that service.

Hi openletter
still not sure to understand

for each website used 1 dedicated alias is used (i used catch-all solution on MIAB).

for example :
amazon → amazon@mydomain.tld
kraken → kraken@myemail.tld
teamviewer → teamviewer@mydomain.tld
and so on…

Okay, so what are the results of:

$ grep kraken@example /var/log/mail.log

Also check the rotated log:

$ grep kraken@example /var/log/mail.log.1

What postgrey is doing is filtering out spam by forcing sending servers to follow the published standards on mail servers, and the vast majority of spam servers do not have this capability. The standard states when when receiving a defined response from the receiving server that says “try back later”, the sending server is supposed to try again later. On the retry, postgrey will pass the email and it will be delivered, assuming it passes other checks.

However, some not-spam sending servers are configured to not re-send, and other not-spam sending servers are part of very complex server pools that re-send from different servers each retry. In both cases, we have to change how postgrey handles the email, and usually the solutions are different.

In your case, since you are using an alias, you could create the file /etc/postfix/postgrey_whitelist_recipients and add kraken@example.com to the file, then restart postgrey and postfix.

You may consider slightly changing your email address to something like kraken4francois@example.com. While I’m not big on security through obscurity, spammers to try guessing things like this.

Note that if you read that Kraken has suffered a breach of email address database, you should switch the account to a different email address and replace the one in the whitelist, because you are about to get spammed.

There is also a kludge that you can use @Anonymous78f

When you log on to to the Kraken website I presume that they show you a message that a “2FA” code has been sent to your email … and an option to have it resent. Wait 3 minutes and then ask for it to be resent.

Let me know if that works for you.

hi openletter

for kraken provider, i got those kinds of logs:

Jun 30 09:50:53 box postfix/smtpd[9479]: connect from mta.marketing.kraken.com[13.111.172.185]
Jun 30 09:50:53 box postfix/smtpd[9480]: connect from mta.marketing.kraken.com[13.111.172.185]
Jun 30 09:50:54 box postgrey[1116]: action=greylist, reason=new, client_name=mta.marketing.kraken.com, client_address=13.111.172.185/32, sender=bounce-227_HTML-109214141-133116-514004678-12340@bounce.marketing.kraken.com, recipient=kraken@domain.tld
Jun 30 09:50:54 box postfix/smtpd[9479]: NOQUEUE: reject: RCPT from mta.marketing.kraken.com[13.111.172.185]: 450 4.2.0 kraken@domain.tld: Recipient address rejected: Greylisted, see Postgrey Help from=bounce-227_HTML-109214141-133116-514004678-12340@bounce.marketing.kraken.com to=kraken@domain.tld proto=ESMTP helo=<mta.marketing.kraken.com>
Jun 30 09:50:55 box postfix/smtpd[9480]: disconnect from mta.marketing.kraken.com[13.111.172.185] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

to try to fix it, on today i did that :

sudo nano /etc/postfix/sender_access

support-request@teamviewer.com OK
noreply@kraken.com OK
noreply@futures.kraken.com OK
noreply@email2.kraken.com OK
noreply@marketing.kraken.com OK
noreply@mail.cryptowat.ch OK

sudo service postfix restart

since now i have those logs when i ask to receive email that contains 2FA code inside email

Jul 10 19:36:09 box postgrey[1194]: action=pass, reason=triplet found, client_name=mail201.static.mailgun.info, client_address=104.130.122.201/32, sender=bounce+87b8c7.89a8dc-kraken=domain.tld@kraken.com, recipient=kraken@domain.tld
Jul 10 19:36:12 box postfix/cleanup[3618]: 31377FC03F: message-id=1625938547.156413.6218.@mail.kraken.com
Jul 10 19:36:12 box opendkim[959]: 31377FC03F: s=krs d=kraken.com SSL
Jul 10 19:36:12 box opendmarc[857]: 31377FC03F: SPF(mailfrom): bounce+87b8c7.89a8dc-kraken=domain.tld@kraken.com pass
Jul 10 19:36:12 box opendmarc[857]: 31377FC03F: kraken.com pass
Jul 10 19:36:12 box postfix/qmgr[1328]: 31377FC03F: from=bounce+87b8c7.89a8dc-kraken=domain.tld@kraken.com, size=3814, nrcpt=1 (queue active)
Jul 10 19:36:12 box postfix/lmtp[3620]: 31377FC03F: to=holding@domain.tld, orig_to=kraken@domain.tld, relay=127.0.0.1[127.0.0.1]:10025, delay=3.9, delays=3.9/0.01/0.01/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host 127.0.0.1[127.0.0.1])
Jul 10 19:36:13 box postfix/smtp[3624]: looking for session smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC in smtp cache
Jul 10 19:36:13 box postfix/tlsmgr[1543]: lookup smtp session id=smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC
Jul 10 19:36:13 box postfix/smtp[3624]: save session smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC to smtp cache
Jul 10 19:36:13 box postfix/tlsmgr[1543]: put smtp session id=smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC [data 2163 bytes]
Jul 10 19:36:13 box postfix/tlsmgr[1543]: write smtp TLS cache entry smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC: time=1625938573 [data 2163 bytes]
Jul 10 19:36:13 box postfix/smtp[3624]: save session smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC to smtp cache
Jul 10 19:36:13 box postfix/tlsmgr[1543]: put smtp session id=smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC [data 2163 bytes]
Jul 10 19:36:13 box postfix/tlsmgr[1543]: write smtp TLS cache entry smtp&kraken.com&aspmx.l.google.com&64.233.166.26&&E2AB50492004678FAAFC52F4C5487F2E2FF0964EF32B3089EACA28F10AC1B9BC: time=1625938573 [data 2163 bytes]
Jul 10 19:36:13 box postfix/smtp[3624]: E31F6FCE00: to=bounce+87b8c7.89a8dc-kraken=domain.tld@kraken.com, relay=aspmx.l.google.com[64.233.166.26]:25, delay=0.47, delays=0/0.04/0.18/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK 1625938573 a10si11845075wrf.377 - gsmtp)

that is better, i have more logs in mail.log BUT still no email received in mailbox or spam folder.

This looks more like the output of grep kraken /var/log/mail.log. The retry is going to be some number of minutes after the reject.

The sendera_access solution I proposed on a different thread may not be as good in this case as the above whitelist suggestion. They may forever be using different email addresses including different subdomains.

Hardly … you are now rejecting emails that are being accepted by postgrey according to the log you have posted.

sender_access is used to REJECT emails, the opposite result than what is desired here.

@alento It looks like it can be used to accept or reject mails. However I’m not sure how it would interact with PostGrey

I’ve used Teamviewer without an account before so I decided to set up an account with them using my box address. For me postgrey worked as expected.

# cat mail.log | grep team
Jul 11 09:24:15 box postfix/smtpd[16723]: connect from mail1301.teamviewer.com[37.252.230.29]
Jul 11 09:24:16 box postgrey[1156]: action=greylist, reason=new, client_name=mail1301.teamviewer.com, client_address=37.252.230.29/32, sender=AccountActivation-noreply@teamviewer.com, recipient=mme@myaddress.co.uk
Jul 11 09:24:16 box postfix/smtpd[16723]: NOQUEUE: reject: RCPT from mail1301.teamviewer.com[37.252.230.29]: 450 4.2.0 <me@myaddress.co.uk>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/timothydutton.co.uk.html; from=<AccountActivation-noreply@teamviewer.com> to=<me@myaddress.co.uk> proto=ESMTP helo=<mail1301.teamviewer.com>
Jul 11 09:24:16 box postfix/smtpd[16723]: disconnect from mail1301.teamviewer.com[37.252.230.29] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Jul 11 09:30:04 box postfix/smtpd[18037]: connect from mail1301.teamviewer.com[37.252.230.29]
Jul 11 09:30:04 box postgrey[1156]: action=pass, reason=triplet found, delay=348, client_name=mail1301.teamviewer.com, client_address=37.252.230.29/32, sender=AccountActivation-noreply@teamviewer.com, recipient=me@myaddress.co.uk
Jul 11 09:30:04 box postfix/smtpd[18037]: A2D7517A8AB: client=mail1301.teamviewer.com[37.252.230.29]
Jul 11 09:30:04 box opendkim[4753]: A2D7517A8AB: s=anexia d=teamviewer.com SSL
Jul 11 09:30:06 box opendmarc[946]: A2D7517A8AB: SPF(mailfrom): AccountActivation-noreply@teamviewer.com pass
Jul 11 09:30:06 box opendmarc[946]: A2D7517A8AB: teamviewer.com pass
Jul 11 09:30:06 box postfix/qmgr[16884]: A2D7517A8AB: from=<AccountActivation-noreply@teamviewer.com>, size=20771, nrcpt=1 (queue active)
Jul 11 09:30:06 box postfix/smtpd[18037]: disconnect from mail1301.teamviewer.com[37.252.230.29] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 11 09:30:08 box spampd[21914]: clean message (unknown) (-7.72/5.00) from <AccountActivation-noreply@teamviewer.com> for <me@myaddress.co.uk> in 2.12s, 21143 bytes.

So at least for Teamviewer, I can’t see any reason why the OP wouldn’t be receiving those mails.

Hi @ravenstar68

If you’ll notice, the account activation emails from Teamviewer come from a different MTA entirely. As I understand, Postgrey works on a MTA by MTA basis, not specifically the sender.

Could you perhaps test the step where @Anonymous78f is having difficulties … in adding a trusted device?

I had a Teamviewer account years ago, so I went looking for their emails. It seems that they were sending the emails directly from their servers at the time rather than relying on mimecast.com to do so.

@Anonymous78f perhaps you could contact Teamviewer support and inform them that your email provider uses Postgrey, but their email service is not retrying delivery as it should … it may not help, but it cannot hurt.